Check: WA000-WI6092 IIS6
IIS6 Server: WA000-WI6092 IIS6 (in version v6 r16)
Title
The PercentUAllowed registry entry must be set properly. (Cat II impact)
Discussion
Http.sys is the kernel mode driver that handles HTTP requests. There are several registry keys associated with http.sys. The PercentUAllowed key allows the web server to accept Unicode character syntax via ASCII (i.e., through the URL). Allowing this type of notation opens the web server to encoding attacks.
Check Content
1. Open the registry editor.
2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters.
3. Ensure the value for the PercentUAllowed key is set to REG_DWORD 0.

If the registry value is not set to 0 or is missing, this is a finding.
Fix Text
1. Open the registry editor.
2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters.
3. Set the value for the PercentUAllowed key to REG_DWORD 0 or add the key and set it to REG_DWORD 0.
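The check and fix above can be scripted. The following PowerShell is an added example, not part of the STIG text; the function name `Test-PercentUAllowed` and its `-Remediate` switch are hypothetical. It treats a missing value, a non-DWORD value, and any non-zero value as a finding, as the check content requires.

```powershell
# Added example: audits (and optionally fixes) the PercentUAllowed value.
# Test-PercentUAllowed and -Remediate are hypothetical names, not STIG tooling.
function Test-PercentUAllowed {
    param([switch]$Remediate)

    $path = 'HKLM:\System\CurrentControlSet\Services\HTTP\Parameters'
    $name = 'PercentUAllowed'

    $key   = Get-Item -Path $path -ErrorAction SilentlyContinue
    $value = $null
    $kind  = $null
    if ($key -and ($key.GetValueNames() -contains $name)) {
        $value = $key.GetValue($name)
        $kind  = $key.GetValueKind($name)
    }

    # Compliant only when the value exists, is REG_DWORD, and equals 0.
    $isDword   = $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord
    $compliant = $isDword -and ($value -eq 0)

    if (-not $compliant -and $Remediate -and $key) {
        # -Force replaces an existing value, including one of the wrong type.
        New-ItemProperty -Path $path -Name $name -PropertyType DWord `
            -Value 0 -Force | Out-Null
        return Test-PercentUAllowed   # re-read to confirm the write
    }

    if (-not $key)         { $reason = 'Parameters key not found' }
    elseif ($null -eq $kind) { $reason = 'Value is missing' }
    elseif (-not $isDword) { $reason = "Value type is $kind, not REG_DWORD" }
    elseif ($value -ne 0)  { $reason = "Value is $value, not 0" }
    else                   { $reason = 'Value is REG_DWORD 0' }

    New-Object PSObject -Property @{
        Check   = 'WA000-WI6092 IIS6'
        Finding = (-not $compliant)
        Reason  = $reason
    }
}

Test-PercentUAllowed              # audit only
# Test-PercentUAllowed -Remediate # audit, then set REG_DWORD 0 if needed
```

Writing under HKEY_LOCAL_MACHINE requires an elevated session; the audit-only call does not.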
Additional Identifiers
Rule ID: SV-38166r1_rule
Vulnerability ID: V-13720
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |